(Desirable features of a static analyzer for dynamically typed programs)

Line 3:

The idea isn't new (see http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ ), but this takes it to the next level.

==Goals==

The Phases below seem directed toward finding exploits by analysis of 3rd party open source code. To me what is more interesting is finding errors in dynamically typed languages such as Python before runtime. For instance it's very painful live-coding a Python program with many code paths, when a typo in a variable name will not be uncovered until that block of code is reached (at which point there is a fatal error). The first thing a static analysis tool should do is trace all paths of a Python program looking for possible unbound variables.
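A minimal sketch of the unbound-variable check described above, added here as an illustration and not taken from this wiki or any existing tool. The function names are hypothetical; it assumes top-level functions only and models just `if`/`else`, loops, `return` and `raise`, treating every other statement (including `try`, `with` and comprehensions) as straight-line code.

```python
import ast
import builtins

def _names(node, ctx):
    return [n for n in ast.walk(node) if isinstance(n, ast.Name) and isinstance(n.ctx, ctx)]

def _reads(node, bound, out):
    out.extend((n.lineno, n.id) for n in _names(node, ast.Load)
               if n.id not in bound and not hasattr(builtins, n.id))

def _block(stmts, bound, out):
    """Names bound on every path leaving stmts; None if every path returns or raises."""
    for s in stmts:
        if bound is None:
            return None
        if isinstance(s, ast.If):
            _reads(s.test, bound, out)
            a, b = _block(s.body, bound, out), _block(s.orelse, bound, out)
            bound = b if a is None else a if b is None else a & b  # skip ended paths
        elif isinstance(s, (ast.For, ast.While)):
            head, tgt = (s.iter, s.target) if isinstance(s, ast.For) else (s.test, s.test)
            _reads(head, bound, out)
            _block(s.body, bound | {n.id for n in _names(tgt, ast.Store)}, out)  # may run 0 times
        elif isinstance(s, (ast.Return, ast.Raise)):
            _reads(s, bound, out)
            return None
        else:  # straight-line statement: check its reads, then add its bindings
            _reads(s, bound, out)
            bound = bound | {n.id for n in _names(s, ast.Store)}
    return bound

def possibly_unbound(source):
    """Sorted (line, name) pairs for reads that can hit an unbound name."""
    funcs, out = [s for s in ast.parse(source).body if isinstance(s, ast.FunctionDef)], []
    for fn in funcs:  # assumption: top-level functions only, module globals not modelled
        _block(fn.body, {f.name for f in funcs} | {a.arg for a in fn.args.args}, out)
    return sorted(set(out))

# Constructed sample: the typo "staus" leaves "status" unbound on the "stop" path.
SAMPLE = '''\
def handle(request):
    if request == "start":
        status = "ok"
    elif request == "stop":
        staus = "stopped"
    else:
        raise ValueError(request)
    return status
'''
print(possibly_unbound(SAMPLE))
```

The `raise` branch is excluded from the merge, so the report comes only from the path where the typo is actually reachable.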